Healthcare Sector Data Breach Disclosures Expand Victim Counts Across Multiple Incidents
Multiple healthcare-related breach disclosures expanded significantly, led by TriZetto Provider Solutions reporting to regulators that 3,433,965 people were affected after an attacker used a web portal to access historical eligibility reports containing sensitive data (including SSNs and insurance information). Separately, Conduent Business Services told Wisconsin regulators that its incident now impacts “25 million-plus” people nationwide; the Xerox spinoff had previously reported ~15.5 million affected in Texas, prompting an investigation by Texas AG Ken Paxton, while reporting noted the event is still smaller than the largest U.S. health-data breach on record.
Reporting on the Change Healthcare ransomware incident reiterated that UnitedHealth estimated roughly 190 million people were affected, with congressional testimony attributing initial access to a Citrix remote access portal lacking MFA, followed by data theft and ransomware deployment; reporting also cited a $22 million ransom payment. In the Asia-Pacific region, a separate healthcare privacy incident involving New Zealand’s ManageMyHealth patient portal was cited as exposing data from ~120,000 people, and was used to underscore governance, access control, and third-party oversight gaps as recurring drivers of healthcare-sector exposure.
Timeline
Feb 25, 2026
TriZetto updated breach total to 3.43 million people
TriZetto updated its report to Oregon's Department of Justice to state that 3,433,965 people were affected and filed breach notifications in multiple states. Some private medical providers and several states also publicly confirmed victim counts.
Feb 25, 2026
Conduent reported at least 25 million people affected
In a filing to Wisconsin regulators, Conduent said the breach affects at least 25 million people nationwide, a major increase from earlier state-level disclosures. Texas and Montana officials were also investigating impacts tied to Blue Cross Blue Shield members.
Feb 25, 2026
Oregon counties warned residents about TriZetto impact
County governments in Oregon previously warned that the TriZetto incident affected hundreds of thousands of residents whose data was exposed through the compromised portal.
Feb 24, 2026
ManageMyHealth breach exposed about 120,000 people
A breach of New Zealand's ManageMyHealth patient portal exposed sensitive information for roughly 120,000 people, making it one of the country's most significant healthcare privacy incidents.
Dec 1, 2025
TriZetto began notifying customers about the breach
TriZetto began notifying customers in December after investigating the incident with law enforcement and Mandiant.
Oct 1, 2025
TriZetto discovered its 2024 breach
TriZetto discovered the breach in October 2024, according to later reporting cited in the update on the incident.
Apr 1, 2025
Conduent publicly disclosed the breach in an SEC filing
Conduent first publicly disclosed the hacking incident in an SEC filing in April 2025, before later state notifications expanded the known scale of impact.
Jan 13, 2025
Conduent discovered the hacking incident
Conduent said it discovered the breach on 2025-01-13 and later determined the compromise had been ongoing since October 2024.
Nov 1, 2024
TriZetto attacker began accessing historical eligibility reports
At TriZetto Provider Solutions, malicious activity began in November 2024 when an attacker accessed historical eligibility reports through a web portal, exposing data later described as including Social Security numbers, addresses, and health insurance numbers.
Oct 21, 2024
Conduent systems were accessed without authorization
Conduent said attackers had unauthorized access to its servers from 2024-10-21 through 2025-01-13, potentially exposing sensitive personal and health-related data affecting patients nationwide.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Affected Products
Sources
Related Stories
Third-Party Healthcare and Benefits Service Provider Breaches Expand to Millions of Victims
Health insurance technology provider **TriZetto Provider Solutions** (a Cognizant subsidiary) updated breach notifications indicating the impact of its **November 2024** intrusion has grown to **more than 3.4 million** affected individuals. Disclosures to state regulators and downstream notifications from county governments and healthcare providers indicate theft of sensitive personal data including **addresses, Social Security numbers, and health insurance identifiers**, with some jurisdictions reporting hundreds of thousands of impacted residents. Separately, the **Conduent** incident has expanded dramatically in public filings, with reported totals rising from roughly **10.5 million** to **more than 25 million** affected individuals across the US, including a major increase in **Texas** (reported at **15.4 million**) while **Oregon** remains around **10.5 million**. Reporting indicates attackers maintained access for roughly **three months** and exfiltrated about **8 TB** of data, underscoring the systemic risk posed by large, behind-the-scenes vendors that support **Medicaid/SNAP and other state benefit programs**, healthcare-related processing, and major employer services—creating a wide “blast radius” even for individuals unfamiliar with the vendor name.
1 months ago
Large US Healthcare Data Breaches Impacting Millions of Patients
Multiple healthcare-sector data breaches were disclosed with significant exposure of **protected health information (PHI)**. TriZetto Provider Solutions (TPS), an insurance verification provider, reported a compromise that began in **November 2024** and was not detected until nearly a year later; the threat was reportedly eradicated on **Oct. 2, 2025**. Notifications to affected healthcare provider customers across several states continued into late 2025 and early 2026, with one Oregon advisory estimating exposure affecting **more than 700,000 people**; impacted providers stated there was no current evidence of misuse and that **financial details were not stolen**. Separately, Healthcare Interactive (*HCIactive*), an AI-powered insurance enrollment and benefits administration vendor, confirmed that an intrusion and data exfiltration tied to activity in mid-2025 ultimately affected **3,056,950 individuals**, after earlier placeholder reporting while scope was still being determined; reported unauthorized access windows vary from **July 8–12, 2025** to a broader **June 17–July 22, 2025**. Another incident involved AI care-coordination platform *Lena Health*, where a threat actor claimed exposure of patient data (including references to a **Twilio call recording database**) and alleged that **2,134 patients’ PHI** was stored in an unencrypted export in a public-facing **AWS S3 bucket**, with follow-on reporting indicating exploitation after a publicly disclosed vulnerability and an available patch that was not applied in time.
1 months ago
Healthcare Provider Data Breaches and Ransomware-Linked Patient Data Exposure
Multiple U.S. healthcare organizations reported **unauthorized network access and patient data exposure**, with several incidents involving confirmed **data exfiltration** and follow-on notification/credit-monitoring actions. **QualDerm Partners** disclosed unauthorized access between **Dec. 23–24, 2025** with files exfiltrated and notifications being sent on a rolling basis, while **Carolina Foot & Ankle Associates** reported a **Dec. 2025** intrusion detected after a network disruption and confirmed exfiltration of files containing PHI (e.g., demographics, MRNs, insurance data, and treatment/billing codes). Additional breach disclosures included **Cedar Point Health** (intrusion detected around **June 16, 2025**, with a months-long data review concluding in late Jan. 2026 and impacted data potentially including SSNs/ITINs and government IDs) alongside separate notifications from **Wee Care Pediatrics** and **Easterseals Northeast Indiana**. Legal and regulatory consequences continued to surface from earlier healthcare incidents. **Asheville Eye Associates** agreed to settle consolidated class-action litigation tied to a **Nov. 2024** attack claimed by **DragonForce ransomware**, which allegedly exfiltrated **~540 GB** before encrypting systems and later leaked data when ransom was not paid; the breach was reported to HHS OCR as affecting **204,984** individuals. Sector-wide reporting also indicated **46** large healthcare breaches logged for **Jan. 2026** on the HHS OCR portal (500+ individuals), exposing **~1.44 million** individuals’ PHI, amid discussion that late-2025 reporting backlogs may have influenced recent month-to-month trends.
1 months ago